2

I have an iOS App which currently pulls in all the data from the MongoDB using a Node.js server. Currently my API / my node server handles all the data manipulation the iOS app/Swift only displays the data within the app. My server carries out all the functions on the data being returned from MongoDb.

I have a Joomla website where all my users are registered and have their own username and password.

My app has a login screen, where there are username and password fields. I want that the user enter their Joomla login details (i.e username and password). And only and only if they are registered on my Joomla site they will be allowed access to my App and view the data being pulled in from MongoDB.

Currently my entire app is running JavaScript, NO PHP!

Is there a way that I can authenticate users from my iOS App?

Zanon
  • 329
Lorenzo von Matterhorn
  • 357

1 Answers1

1

Make sure your hashed Joomla password is in your Mongo Db; from your Joomla app you need a call to do that job. In php a curl job can do that job.

Joomla uses bcrypt to hash its passwords so you need a node package for that. There's several and I only succeeded with bcryptjs ;

Now you need to make the authentication mechanism in your Node app that checks against the db. This is Mongoose talking to Mongo. I'll show the snippet where bcrypt makes the comparison. 

function authenticate(req, res, next)
{
var body = req.body;

User.find({username: body.username}, function (err, theuser)
{
    if (theuser.length == 1)
    {
        bcrypt.compare(body.password, theuser[0].password, function (err, ismatch)
        {
            if(ismatch)
            {
                user = {joomlaid:theuser[0].joomlaid,username:theuser[0].username, name:theuser[0].name, useremail:theuser[0].useremail};
                console.log('found user: ' + JSON.stringify(user));
                next();
            }
            else
            {
                console.log("user found but no matching passwords" + ismatch);
                res.status(401).end('Password incorrect');
            }
        })
    }
    else
    {
        console.log('no user found... ' + JSON.stringify(user));
        res.status(401).end('Username or password incorrect');
    }
});

In the struggle to make this I made use of an online bcrypt (de)coder

Jan Doggen
  • 1,138
Albert
  • 11